Conference Chairperson
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Conference Co-Chair
Jacxine Fernandez, VP – Information Security & ICT Governance, Bangalore International Airport Ltd.
Advisory Members
Elavarasu A K, Senior Vice President & CISO, Mphasis
Kumar KV, Group Chief Information Officer, Narayana Health
Manoj Kuruvanthody, CISO & DPO, Tredence Inc.
Ratan Jyoti, Chief Information Security Officer (CISO), Ujjivan Small Finance Bank Ltd.
Visagan Subburayalu, Sr. Director-Technology, Cybersecurity, Target
The big challenge impacting enterprise security today is the dark web - a seemingly ungovernable subset of the internet where you can browse and communicate with complete anonymity. Through the use of the dark web and cryptocurrencies, criminals have been able to successfully run the “crime-as-a-service” model. However, businesses and the security agencies have been able to make very little, if any, impact.
How can you make your enterprises cybercrime-resilient, and how should law enforcement respond to this menace? How do security practitioners leverage threat intelligence capabilities to navigate through the dark web?
The session will cover:
Challenges posed by the dark web and cryptocurrencies for enterprise security
How is law enforcement responding to the investigation process and building technical capabilities?
New techniques and approaches used to combat security threats from the dark web
Actionable threat intelligence capabilities in understanding the enemy
Among other things, 2022 will be remembered for the Russian invasion of Ukraine and the cyberwarfare that transpired between the two nations. There has also been a significant increase in ransomware attacks on critical infrastructures globally in 2022, including AIIMS, one of India’s leading medical institutes. Following cyberattacks on its critical infrastructure, the Costa Rican government had to declare a national emergency.
Given the sophistication of the threat landscape, how must India be prepared? What are the new security challenges and opportunities in 2023?
The keynote will cover:
Global innovations: how disruptive are they for security ecosystem
What global partnerships can we form to strengthen our cybersecurity policies?
New technologies and frameworks used in enhancing the security posture
What are the key takeaways CISOs need to learn to respond to the challenges?
Consolidation/Rationalization of Regulation
Due to the widespread adoption of cloud solutions and remote work in the wake of the COVID-19 pandemic, the attack surfaces of most organizations have experienced a significant increase. To counter this, organizations today need to implement the right cybersecurity strategies for endpoints.
The session will cover:
File transfer is integral to every organization's day-to-day business and operations, and the risk of malicious files infiltrating your system and storage is rising. At the same time, files have long been a common threat vector. Hence, organizations need to ensure necessary controls against files in transit and files at rest and a comprehensive security strategy to mitigate risks arising from this vulnerability.
The session will cover:
The rapid evolution and sophistication of cyberattacks and the migration of assets to hybrid multi-cloud are creating a perfect storm. It’s time to move past siloed security to a more collaborative and flexible approach to security.
Organizations are trying cybersecurity mesh architecture, which is designed to make security more composable and scalable by modularizing security functions and enabling them to interoperate through a set of supportive layers. Like zero trust, the cybersecurity mesh is focused on reimagining the boundaries of the identity layer and bringing together disparate security tools into a single, interoperable ecosystem.
The session will cover:
SaaS solutions are among the fastest-growing segments in the IT industry. According to McKinsey, the global SaaS market - currently worth about $3 trillion - is estimated to surge to $10 trillion by 2030. This implies that gains from revenue, lower overhead, offloading complex technical work to SaaS providers, and scaling with elasticity should all be balanced with the availability of security controls in the offerings so that security-related risks can be managed at acceptable levels. Zooming in on the available options and nailing down a few security controls that can help address core security considerations for control implementation and governance requires qualitative and quantitative assurance along with risk acceptances.
Attendees will gain insight into scenarios, learnings, practical challenges and risk acceptances for consuming SaaS offerings for core security services.
The session will cover:
Best practices and security controls to be assessed for core security SaaS solutions;
Continuous monitoring and vigilance requisites;
Critical data protection characteristics for compliance and assurance needs.
A debate between a data privacy officer, a CIO and a CISO on how to juxtapose privacy and security to achieve total compliance.
The session will cover:
Establishing compliance with complex regulations along with privacy and security
Privacy by design in security controls
Privacy journey from legacy to controls
The Reserve Bank of India has been holding discussions to understand the scope of cryptocurrency in the Indian economy and to formulate regulations and a proper system to govern this. It is also warning cryptocurrency users and traders about the risks associated with the system.
However, experts say bitcoin usage by Indian companies is gaining momentum, and cryptocurrency now has more than five million users in the country.
Reports say over 3,000 investments in India were being made with bitcoin daily.
The panel will discuss:
Assessing the risks associated with the use of bitcoin
Are security leaders prepared for the bitcoin regime?
Establishing secure transactions using bitcoin
Recent reports on zero trust adoption show that 96% of organizations in India either have a zero trust strategy or are in the process of developing one. Despite the wide adoption of zero trust, getting management buy-in is not easy. Cost, legacy infrastructure and complicated deployment are factors that often derail its implementation. What are some practical strategies to implement zero trust, and how do you get your 'house in order' before going for a zero trust strategy?
The session will cover:
Most Indian enterprises consider themselves as being above average or better in their cyber preparedness than their competitors in responding to threats, according to an analytics firm’s survey with senior cyber executives.
However, the most critical aspect of a successful cybersecurity program is doing the basics right, which has a direct impact on the efficacy of the program. It’s similar to a game of Jenga, where you need the foundation to be strong while you make efforts to consolidate your teams, tool stack and spending. The biggest challenge for organizations today is to get their basics right in cybersecurity.
The session will discuss:
· Setting the practical goals around inventory, detection, and remediation engineering
· Enhancing the cyber health of the organization at scale and risk reduction
· Assessing external risks, limitations, commitments, and resources
As organizations embrace (and accelerate) digitalization to offer new and innovative services, the vulnerabilities associated with data and technology will increase. According to research, cybercrime damage is expected to reach $8 trillion in 2023. Almost every organization will be impacted by a cyberattack this year, and it is crucial for businesses to rethink their risk management and incident response strategies.
In the face of an increasing threat landscape, with the growing volume and sophistication of attacks, companies need more than a security solution or governance policy to be prepared for these attacks.
They need a proactive and integrated approach with threat monitoring, threat intelligence, and end-to-end managed services.
That's where cyber resilience comes in. It is not an afterthought, but needs to be built by design.
The panel will discuss:
The importance of cyber resilience in today's context, and how do you achieve it in your organization
Cyber resilience versus cybersecurity
How to create a bullet-proof incident response plan
The need for cyber resilience solutions and frameworks
Ransomware attacks are becoming inevitable as bad actors exploit the weakest link of cyber defense - humans. The goal of cyber resilience is to transform business expectations and guarantee that businesses face a less-than-significant impact from a cyberattack. NIST defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses and attacks by cyber resources. The recovery process needs to ensure not only a quick recovery but also a quicker return to business. What is your current cyber recovery strategy? What challenges are you facing under recovery?
The session will cover:
How much to rely on backups
Practicality of creating an alternate environment
Leveraging cloud for better resilience
More than 90% of consumers around the world rely on online payments, according to a research study. This, however, brings with it an increase in transaction fraud. Fraudsters are relying on synthetic IDs to carry out various card-related frauds.
Social engineering is also increasingly becoming a deceptive tactic to trick people into divulging information. With so much going on, how can the payment industry tackle the new-age methods to reduce fraud?
The session will cover:
• The new forms of fraud tactics
• The shortcomings of the current defensive approach
• What needs to change in 2023
We are living in a VUCA world – a world that is volatile, uncertain, complex and ambiguous. As per India’s policymakers, VUCA is nothing but the AAJA world - Asthirata, which means volatility or a high rate of change; Anishchita, which means uncertainty and lack of clarity about the present and the future; Jatilata, which means complexity concerning multiple factors that impact critical decisions; and Aspashtata, which means ambiguity about the unprecedented and challenging times in the industry.
We are into 2023, and are witnessing growing chaos in the cybersecurity domain with multiple forms of attacks targeting enterprises.
What kind of conversations do the security teams need to have, what should be their strategies and what is their focus area?
The panel will discuss:
Cybersecurity lessons learned from economic uncertainty
New forms of security defenses enterprises have adopted in 2023
What’s top of mind for CISOs in tackling this situation
April 12 - 14, 2023
Cybersecurity Summit: Bengaluru